CNNVD-202512-2247 Information

CNNVD ID

CNNVD-202512-2247

Related CVE

CVE-2025-67720

• CNNVD Published: 2025-12-11

Description (Chinese)

pyrofork是Mayuri-Chan开源的一个接口框架。 pyrofork 2.3.68及之前版本存在路径遍历漏洞，该漏洞源于未正确清理文件名，可能导致文件路径构造问题。

Description (English)

Pyrofork is an interface framework for Mayuri-Chan open source. There is a loophole in the pyrofork 2.3.68 and previous versions, which stems from an incorrect cleanup of the file name, which may lead to a problem with the construction of the file path.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Mayuri-Chan

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/Mayuri-Chan/pyrofork/commit/2f2d515575cc9c360bd74340a61a1d2b1e1f1f95 https://github.com/Mayuri-Chan/pyrofork/security/advisories/GHSA-6h2f-wjhf-4wjx

Patch

https://github.com/Mayuri-Chan/pyrofork/tags